Access List Facts
Routers use access lists to control incoming or outgoing traffic. You should know the following characteristics of an access list.
- Access lists describe the traffic type that will be controlled.
- Access list entries describe the traffic characteristics.
- Access list entries identify either permitted or denied traffic.
- Access list entries can describe a specific traffic type, or allow or restrict all traffic.
- When created, an access list contains an implicit deny any entry at the end of the access list.
- Each access list applies only to a specific protocol.
- Each router interface can have up to two access lists for each protocol, one for incoming traffic and one for outgoing traffic.
- When an access list is applied to an interface, it identifies whether the list restricts incoming or outgoing traffic.
- Access lists exist globally on the router, but filter traffic only for the interfaces to which they have been applied.
- Each access list can be applied to more than one interface. However, each interface can only have one incoming and one outgoing list.
- Access lists can be used to log traffic that matches the list statements.
- Access lists applied to inbound traffic filter packets before the routing decision is made. Access lists applied to outbound traffic filter packets after the routing decision is made.
When you create an access list, it automatically contains a deny any statement, although this statement does not appear in the list itself. For a list to allow any traffic, it must have at least one permit statement, either permitting a specific traffic type or permitting all traffic not specifically restricted.
There are two general types of access lists: standard (also called basic) and extended.

Use a standard list to filter on... | Use an extended list to filter on...
--- | ---
Source hostname or host IP address | Source IP protocol (e.g. IP, TCP, UDP, etc.)
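The rules above (top-down evaluation, first match wins, the invisible "deny any" at the end, and the need for at least one permit statement) are easy to get wrong when ordering entries. The following added example, not from the original page, models a Cisco-style standard access list in Python using constructed entries and addresses; the entry syntax and the `ACL_10` list are assumptions for illustration only.

```python
import ipaddress

# Constructed model of a standard (source-address) access list.
# Entries are checked top-down; the first match decides; a packet that
# matches nothing hits the implicit "deny any" at the end of every list.

def wildcard_match(addr: str, network: str, wildcard: str) -> bool:
    """Cisco wildcard mask: a 0 bit must match, a 1 bit is ignored."""
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(network))
    w = int(ipaddress.IPv4Address(wildcard))
    care = ~w & 0xFFFFFFFF          # bits that must match
    return (a & care) == (n & care)

def parse_entry(line: str):
    """Parse 'permit|deny any', 'permit|deny host A', or 'permit|deny N W',
    with an optional trailing 'log' keyword (constructed syntax)."""
    parts = line.split()
    action, rest = parts[0], parts[1:]
    if rest[0] == "any":
        network, wildcard = "0.0.0.0", "255.255.255.255"
    elif rest[0] == "host":
        network, wildcard = rest[1], "0.0.0.0"
    else:
        network, wildcard = rest[0], rest[1]
    return action, network, wildcard, "log" in rest

def evaluate(acl, src_ip: str):
    """Return (action, index) of the first matching entry, or ('deny', None)
    when the packet falls through to the implicit deny."""
    for i, entry in enumerate(acl):
        action, network, wildcard, _log = parse_entry(entry)
        if wildcard_match(src_ip, network, wildcard):
            return action, i
    return "deny", None

def has_permit(acl) -> bool:
    """A list with no permit statement blocks all traffic."""
    return any(parse_entry(e)[0] == "permit" for e in acl)

# Constructed list: block one host, allow the rest of its /24,
# and let everything else fall through to the implicit deny.
ACL_10 = [
    "deny host 10.1.1.7 log",
    "permit 10.1.1.0 0.0.0.255",
]

if __name__ == "__main__":
    for ip in ("10.1.1.7", "10.1.1.42", "192.168.5.9"):
        print(ip, evaluate(ACL_10, ip))
```

Reversing the two entries of `ACL_10` makes the host deny unreachable, because the /24 permit matches first; checking for such shadowed entries before applying a list to an interface is the practical takeaway.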